I like the idea of supporting WebTransport as an optional way of connecting to servers. It would enable protocol access from web browsers, which would open up a lot of cool possibilities, especially if an anonymous access feature was added. It would also make it possible to reverse proxy FriendNet
I think the default way clients handle certs for WebTransport should be just trusting the system's root CAs instead of the TOFU method used for normal connections. That would make more sense, since browsers can't be expected to trust random certs.
For the desktop clients, there should be a checkbox like "Use WebTransport", along with a (?) link to documentation about how WebTransport works in FriendNet. It would also be useful to have a select box if "Use WebTransport" is checked that would determine the certificate verification method (Use HTTPS Verification, Trust on First Use). It would also be possible to auto-detect the transport, so if the FriendNet ALPN is rejected, it can retry with h3 and try to check if FriendNet WebTransport is available. Maybe instead of a checkbox, there could be a "Transport Method" select box with options like Auto-Detect, FriendNet, WebTransport.
Direct connections should also support WebTransport.
I like the idea of supporting WebTransport as an optional way of connecting to servers. It would enable protocol access from web browsers, which would open up a lot of cool possibilities, especially if an anonymous access feature was added. It would also make it possible to reverse proxy FriendNet
I think the default way clients handle certs for WebTransport should be just trusting the system's root CAs instead of the TOFU method used for normal connections. That would make more sense, since browsers can't be expected to trust random certs.
For the desktop clients, there should be a checkbox like "Use WebTransport", along with a
(?)link to documentation about how WebTransport works in FriendNet. It would also be useful to have a select box if "Use WebTransport" is checked that would determine the certificate verification method (Use HTTPS Verification,Trust on First Use). It would also be possible to auto-detect the transport, so if the FriendNet ALPN is rejected, it can retry withh3and try to check if FriendNet WebTransport is available. Maybe instead of a checkbox, there could be a "Transport Method" select box with options likeAuto-Detect,FriendNet,WebTransport.Direct connections should also support WebTransport.